winload[.]exe | Triage

Sharing

General

Target

winload.exe
Size

107KB
MD5

7caf3c7964032824eb725dd26eb6b9ce
SHA1

8c8cd6e191b18169c93047318780e816a42e9e4f
SHA256

6c56de94a2f81328dbf5aabc8097d86a7b26fe67804550b81a254cd50fdbeeeb
SHA512

b23a440d31b92fb8b0959e4e2c4f48fc00fc76ccdb07b142290bb8d987f6a4e232bff4a517d26845362bcba9d0e7f75ff89d45ab84c8211306411affe6fd362e
SSDEEP

1536:NzqwtZBFxUyAA3U0uQ79pe9pTZDIQazd85NT9NnXuamnssH50etnq2rbDm9RlekD:p9iyF5uipeTx7auNp97mssrLr/mFXe+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winload.exe

Files

winload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ